Skip to main content
Sign Up

ggshield hmsl check

Beta program

Please note that Has My Secret Leaked features are currently in beta.

Description

Check if secrets have leaked.

ggshield hmsl check [OPTIONS] PATH

Note: Secrets can be read from stdin using ggshield hmsl check -.

Options

  • --json: Use JSON output.

  • -f, --full-hashes: Put the full hashes into the payload instead of the prefixes. This is useful for partners that trust GitGuardian because it allows to send more hashes per batch, and consumes less credits.

  • -n, --naming-strategy [censored|cleartext|none|key]: Strategy to generate the hints in the output.

    • censored: only the first and last characters are displayed.
    • cleartext: the full secret is used as a hint (Not recommended!).
    • none: no hint is generated.
    • key: the key name is selected if available (e.g. in .env files), otherwise censored is used.

    Default: key.

  • -t, --type [file|env]: Type of input to process.

    • file: the input is a simple file containing secrets.
    • env: the input is a file containing environment variables.

    Default: file.

This command supports all ggshield global options.

Example

Given a secrets.txt file containing:

sup3rstr0ngpass1ForGG
hjshnk5ex5u34565AWS654/JKGjhz545d89sjkja
hjshmq1no2v59001AWS792/PMDaax001t52sjkja
$ ggshield hmsl check secrets.txt
Collecting secrets...
Collected 3 secrets.
Querying HasMySecretLeaked...
97 credits left for today.
Found 2 leaked secrets.

> Secret 1
Secret name: "hjshnk5**************************89sjkja"
Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"
Distinct locations: 96
First occurrence:
    URL: "https://github.com/ChrisJStone/gitflow-cjs/commit/1c9b5b4286361ee88d64305e5a0080f03570cc5e#diff-02557643ffc95ebd4d6d5a96c612319db32179d87b36cb1f78d2f4305c80b994R10"


> Secret 2
Secret name: "sup3*************orGG"
Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"
Distinct locations: 33
First occurrence:
    URL: "https://github.com/akansha-nec/Sample2/commit/b06ae6b5e0869657faff9aef37fe2a1afc39370f#diff-9d6176320759464781692ac6ec7d84d987716bad52218e13ac3219c6004e630fR4"

Here’s an additional example when nothing is found:

$ ggshield hmsl check secrets2.txt
Collecting secrets...
Collected 1 secrets.
Querying HasMySecretLeaked...
99 credits left for today.
All right! No leaked secret has been found.

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

How can I help you ?